<?php

/**
 * @category   Ahs
 * @package    Ahs_Acl * 
 * @author Thibaut Cromphaut, Gaïtano Boeraeve, Mathias Helin, Dimitry Dierickx
 * @copyright  Copyright (c) 2011 Artevelde University College Ghent 
 */


class Ahs_Acl extends Zend_Acl
{

    public function __construct($amf = false)
    {
        $this->addRole(new Zend_Acl_Role('Admin' )                 ) // ingelogde Admin 
             ->addRole(new Zend_Acl_Role('Senior'), array('Admin' )) // ingelogde Senior erft over van Admin   
             ->addRole(new Zend_Acl_Role('Junior'), array('Senior' ))// ingelogde Junior erft over van Senior
             ->addRole(new Zend_Acl_Role('Guest' )) 
             ;   
                
        if ($amf) {
            $this->_initAmf();
        } else {
            $this->_init();
        }
    }
    
    private function _init()
    {
        // Grand admin access to all resources and all privileges
        $this->allow('Admin')
             // Grant all roles access to the different modules
             ->addResource('defaultModule')
             ->allow(null, 'defaultModule')

             ->addResource('errorController') 
             ->allow(null, 'errorController')

             ->addResource('indexController')
             ->allow(null, 'indexController')

             ->addResource('userController')
             ->allow(null, 'userController')
                
             ->addResource('courseController')
             ->allow(null, 'courseController')
                
             ->addResource('announcementController')
             ->allow(null, 'announcementController')   
                
             ->addResource('bookController')
             ->allow(null, 'bookController')     
                
             ->addResource('chapterController')
             ->allow(null, 'chapterController')    
             
             ->addResource('messageController')
             ->allow(null, 'messageController')  
                
             ->addResource('articleController')
             ->allow(null, 'articleController')
                
             ->addResource('readinglistController')
             ->allow(null, 'readinglistController')
             
             ->addResource('seniorController')
             ->allow(null, 'seniorController')
                
             ->addResource('adminController')
             ->allow(null, 'adminController')
                
             //////////////////////////////////////////
             ///////////Guest AUTHORIZATIONS///////////
             //////////////////////////////////////////
             
             // Guest don't have access to anything but some basic actions
             ->deny( 'Guest'  , 'userController')
             ->deny( 'Guest'  , 'indexController')
             ->deny( 'Guest'  , 'courseController')
             ->deny( 'Guest'  , 'messageController')
             ->deny( 'Guest'  , 'announcementController')
             ->deny( 'Guest'  , 'bookController')
             ->deny( 'Guest'  , 'chapterController')
             ->deny( 'Guest'  , 'articleController')
             ->deny( 'Guest'  , 'seniorController')
             ->deny( 'Guest'  , 'adminController')
             ->allow('Guest'  , 'indexController', array(
                                                    'indexAction',
                                                    'legalAction',
                                                    'privacyAction',
                                                  ))
             ->allow('Guest'  , 'userController', array(
                                                    'loginAction',
                                                    'authAction',
                                                    'addAction',                                                  
                                                    'registerAction',
                                                  ))
             
             ///////////////////////////////////////////
             ///////////Junior AUTHORIZATIONS///////////
             ////////////inherits from Senior////////////
             ///////////////////////////////////////////
             ->deny( 'Junior' , 'seniorController')
                
             ///////////////////////////////////////////
             ///////////Senior AUTHORIZATIONS///////////
             ////////////inherits from Admin////////////
             ///////////////////////////////////////////
             ->deny( 'Senior' , 'adminController')
                
                
             ///////////////////////////////////////////
             ///////////Admin AUTHORIZATIONS////////////
             ///////////////////////////////////////////
             ->deny( 'Admin' , 'userController', array(
                                                    'loginAction',
                                                    'registerAction',
                                                  ))               

             // serviceModule
             ->addResource('serviceModule')
             ->allow(null, 'serviceModule')
             ->addResource('serviceModule.gatewayController')
             ->allow(null, 'serviceModule.gatewayController') 
        ;
        
    }
    
    private function _initAmf()
    {
        $this->addResource('Service_GatewayService')
             ->allow(null, 'Service_GatewayService');

    }

}
?>
